flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > OS Construction > Just for the H@CK of it

Author
Thread Post new topic Reply to topic
Mike Gonta



Joined: 26 Dec 2010
Posts: 202

Just for the H@CK of it

Just for the H@CK of it here is an x86 (but not x64) executable signature which is essentially a nop in that it only
modifies the flags (but not the carry flag). An executable signature can be easily located and also run as code
without ill effect.

Code:

  db "H@CK"



disassembles as:

Code:

  dec ax ; 'H'
  inc ax ; '@'
  inc bx ; 'C'
  dec bx ; 'K'



The interesting thing is that the same register pair of inc / dec in close proximity to each other (they don't
necessarily have to follow each other, or be any particular order) will not normally be found in working code.
Because of this, really only the first two (or 4 in 32 bit) need to be located and the rest of the "word" makes
a nice "Easter Egg" for H@CKers disassembling the code.

_________________
Mike Gonta
look and see - many look but few see

http://mikegonta.com
Post 10 Jan 2017, 23:36
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6961
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699


online assembler wrote:

0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx



48,40,43,4b hex ascii is H@CK

very cool indeed, definitely not coincidence Idea
Post 12 Jan 2017, 09:48
View user's profile Send private message Reply with quote
Mike Gonta



Joined: 26 Dec 2010
Posts: 202


sleepsleep wrote:

online assembler wrote:
0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx

48,40,43,4b hex ascii is H@CK


Actually, that's "fHf@fCfK".
In 32 bit asm it's:

Code:
  dec eax ; 'H'
  inc eax ; '@'
  inc ebx ; 'C'
  dec ebx ; 'K'


_________________
Mike Gonta
look and see - many look but few see

http://mikegonta.com
Post 12 Jan 2017, 10:05
View user's profile Send private message Reply with quote
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 6685
Location: Kraków, Poland

For 64-bit mode you may try this one:

Code:
db 'ASM['


Code:
0:  41 53  push r11
2:  4D 5B  pop r11

Or perhaps you can find something better?
Post 12 Jan 2017, 10:22
View user's profile Send private message Visit poster's website Reply with quote
Mike Gonta



Joined: 26 Dec 2010
Posts: 202


Tomasz Grysztar wrote:
For 64-bit mode you may try this one:

Code:
db 'ASM['


Code:
0:  41 53  push r11
2:  4D 5B  pop r11

Or perhaps you can find something better?

There's nothing better than this!

Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp


Code:
  db "FASM"


_________________
Mike Gonta
look and see - many look but few see

http://mikegonta.com
Post 12 Jan 2017, 10:57
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6961
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699


Mike Gonta wrote:

sleepsleep wrote:

online assembler wrote:
0: 66 48 dec ax
2: 66 40 inc ax
4: 66 43 inc bx
6: 66 4b dec bx

48,40,43,4b hex ascii is H@CK


Actually, that's "fHf@fCfK".
In 32 bit asm it's:

Code:
  dec eax ; 'H'
  inc eax ; '@'
  inc ebx ; 'C'
  dec ebx ; 'K'




idk why the online assembler prepend 66 there, i tried another online assembler,

Image

you are correct, definitely H@CK using xxd dump

Embarassed Embarassed Embarassed
just realize i am using ax and bx, Embarassed Embarassed Embarassed my low end cheap processor Laughing Laughing Laughing
Post 12 Jan 2017, 11:00
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6961
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699


Mike Gonta wrote:

Tomasz Grysztar wrote:
For 64-bit mode you may try this one:

Code:
db 'ASM['


Code:
0:  41 53  push r11
2:  4D 5B  pop r11

Or perhaps you can find something better?

There's nothing better than this!

Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp


Code:
  db "FASM"




wow! amazing!
Post 12 Jan 2017, 11:06
View user's profile Send private message Reply with quote
Mike Gonta



Joined: 26 Dec 2010
Posts: 202


Mike Gonta wrote:
There's nothing better than this!

Code:
  db "FASM"


Of course, to be fair to the "other" assemblers, these are just as good.

_________________
Mike Gonta
look and see - many look but few see

http://mikegonta.com
Post 12 Jan 2017, 11:07
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15323
Location: Bigweld Industries


Mike Gonta wrote:
There's nothing better than this!

Code:
use32
  inc esi
  inc ecx
  push ebx
  dec ebp
  dec esi
  dec ecx
  pop ebx
  inc ebp


Code:
  db "FASM"


I get this: FASMNI[E
Post 12 Jan 2017, 14:14
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2017, Tomasz Grysztar.